
How to enable BitLocker device encryption on any Surface

The Windows 10 Fall Creators Update makes it easier to configure device encryption on all Surface devices. Here are the instructions.


Whether you have a Surface Pro, Surface Book, or Surface Laptop, they all have at least one thing in common: they are mobile devices that you can take everywhere. However, that also means they can easily be lost or stolen.

Although the hardware can always be replaced, one thing you may not be able to afford is your files, or your organization’s data, getting compromised. And this is when BitLocker can help.

On Windows 10, BitLocker is a security feature that protects your files using data encryption to prevent unauthorized access from hackers and prying eyes. BitLocker provides encryption for full drives and portable drives, and while it’s a feature that has been around for years, on Windows 10, it can even protect individual files with data loss protection.

In this guide, you’ll learn the easy steps to set up BitLocker on any Surface to help protect your data using the Settings app on Windows 10.

How to turn on BitLocker encryption on any Surface

All Surface devices feature a Trusted Platform Module (TPM) that makes it super easy to encrypt all your data.

  1. Open Settings.

  2. Click on Update & Security.

  3. Click on Device encryption.

  4. Click the Turn on button.

    Windows 10 device encryption

Once you’ve completed the steps, Microsoft’s BitLocker will provide encryption for the full drive, and moving forward all your new files will be encrypted.

At any time, you can disable BitLocker on your Surface Pro, Surface Book, or Surface Laptop with the same steps, but in this case click the Turn off button in step No. 4.

Microsoft’s BitLocker details

After turning on drive encryption on your Surface, the only way to decrypt your files is by signing in to your device with your account password. If you ever forget your password, never try to use third-party recovery tools to reset your password, as you will lose access to files forever.

The Device Encryption option in the Settings is only available on devices with a Trusted Platform Module (TPM) version 1.2 or later starting with the Windows 10 Fall Creators Update.

The TPM is a chip installed inside your Surface and many newer computers. It works with BitLocker to help protect your data and to ensure that the device has not been tampered with while the system was offline.

If you’re dealing with another kind of computer without a TPM chip, you can still use Windows 10’s BitLocker, but you’ll be required to use a USB drive with a startup key to start or resume from hibernation. Alternatively, it’s also possible to use a volume password to protect the partition that houses Windows 10. However, neither of these options provides the system integrity verification offered on a device using TPM.
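To confirm what the Settings toggle actually produced, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of the original guide; the function name Test-DeviceEncryptionState is hypothetical, and it assumes the Windows drive is the volume of interest.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide). Test-DeviceEncryptionState is a
# hypothetical helper name; it only reads state and changes nothing.
function Test-DeviceEncryptionState {
    param([string]$MountPoint = $env:SystemDrive)   # assumption: the Windows drive

    # TPM presence and readiness, plus the spec version (the guide requires 1.2 or later).
    $tpm    = Get-Tpm
    $tpmCim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec   = if ($tpmCim) { ($tpmCim.SpecVersion -split ',')[0].Trim() } else { $null }

    # Encryption state and the key protectors bound to the volume.
    $vol        = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    $findings = @()
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM detected: Device encryption will not be offered in Settings.'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM is present but not ready for use.'
    }
    if ($spec -and ([version]$spec -lt [version]'1.2')) {
        $findings += "TPM spec version $spec is below 1.2."
    }
    if ([string]$vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)."
    }
    if ([string]$vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is not On (off or suspended).'
    }
    # Tpm, TpmPin, TpmStartupKey and TpmPinStartupKey all involve the TPM.
    if (-not ($protectors -match '^Tpm')) {
        $findings += 'No TPM-based protector: unlock relies on a startup key (ExternalKey) or Password.'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        TpmSpecVersion   = $spec
        VolumeStatus     = [string]$vol.VolumeStatus
        ProtectionStatus = [string]$vol.ProtectionStatus
        EncryptionMethod = [string]$vol.EncryptionMethod
        KeyProtectors    = $protectors
        Findings         = $findings
    }
}

Test-DeviceEncryptionState | Format-List
```

An empty Findings list means the drive is fully encrypted, protection is on, and a TPM-based protector is bound to the volume.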

If you’re having problems setting up BitLocker, you can submit your questions in the PUREinfoTech forums.